OpenVPN with Pi-Hole and DNSCrypt on Raspberry Pi

Yes, you can get the benefit of running Pi-Hole for ad-free-browsing while away from your house with a OpenVPN (I actually use PiVPN.io), Pi-Hole, and DNSCrypt.

Akin to my last post, I didn't originally write this tutorial. This one comes from Yee Chie's website itchy.nl. Most of this is his, however, I've changed some to benefit you and I for an easier setup. I'm posting it here so I can get to it when I need to.

I'm using Ubuntu for this as that's what I use on this RPi (I do use Raspian for my lowly little RPi Zero Pi-Hole). Let's jump into it.

Install OpenVPN

As I noted above I use PiVPN as my go-to for installing OpenVPN. Call me lazy, but it does save a few minutes of my life to let the scripts run the install. If you you've ever installed Pi-Hole before, this will look familiar:

With this address noted we need to open our .config and make a minor edit using sudo nano /etc/openvpn/server.conf and you'll be presented with this:

We need to add our tun0 address to the mix by placing it just below the current two entries:

Comment out (add #) the first and second DNS (8.8.8.8 and 8.8.4.4) then add your own using the 10.8.0.1. Save this file (Control +x) and exit.

Then restart your OpenVPN sever using sudo systemctl restart openvpn.

Install Pi-Hole

Using their script you can simply run curl -sSL https://install.pi-hole.net | bash to install Pi-Hole.

During the installation you'll be asked what network interface Pi-Hole should use. You must use the tun0 interface. Let it run and note your password on the last screen (or change it whenever using pihole -a -p).

After your changes are saved (Control +x) we need to install the DNSCrypt proxy service via sudo ./dnscrypt-proxy -service install

Start the proxy via sudo ./dnscrypt-proxy -service start

Configure Pi-Hole

To make this all come together we need to make one final edit via the Pi-Hole configuration/admin page; add our listening address and new port (54). It should read 172.0.0.1#54. It may differ for you, but in the US, it's safe to say this is what it'll be unless you changed something with your own system. Note the "#" as opposed to the traditional ":". Here's what mine looks like:

And that's it. Your VPN is set up to use Pi-Hole (and a little extra security of DNSCrypt to keep your connection safer).